[Cryptography] Key management, key storage. (was Re: prism proof email, namespaces, and anonymity)

Trevor Perrin trevp at trevp.net
Sat Sep 14 13:43:29 EDT 2013

On Sat, Sep 14, 2013 at 9:46 AM, Perry E. Metzger <perry at piermont.com> wrote:
> However, on the topic of key management itself, my own proposal was
> described here:
> http://www.metzdowd.com/pipermail/cryptography/2013-August/016870.html
> In summary, I proposed a way you can map IDs to keys through pure
> long term observation/widely witnessed events. The idea is not
> original given that to some extent things like Certificate
> Transparency already do this in other domains.

Hi Perry,

What you're proposing is "multipath probing" of email users' public
keys.  Certificate Transparency isn't the right comparison, but this
has certainly been discussed in other domains:

Public Spaces Key Infrastructure / SecSpider (Osterweil et al, 2006, 2007) [1]
Perspectives (for HTTPS - Wendlant et al, 2008) [3]
Convergence (for HTTPS - Marlinspike, 2011) [4]
Vantages (for DNSSSEC - Osterweil et al, 2013) [5]

Probing servers is easier than probing email users, and publishing a
servername -> key directory is also easier as server names don't have
the same privacy concerns as email names.  Still, it's an interesting

Key changes are a challenge to this approach, which people tend to overlook.

One approach is to have the probed party declare a commitment to
maintaining its public key constant for some period of time, and have
this commitment be detected by the probing parties.  This provides
some timing guarantees so that the rest of the system can probe and
download new results at regular intervals, without having sudden key
changes cause glitches.  Things like HPKP [6] and TACK [7] explore
this option.


[1] http://irl.cs.ucla.edu/papers/pski.pdf
[2] http://secspider.cs.ucla.edu/docs.html
[3] http://perspectives-project.org/
[4] http://convergence.io/
[5] http://irl.cs.ucla.edu/~eoster/doc/pubdata-tpds13.pdf
[6] http://tools.ietf.org/html/draft-ietf-websec-key-pinning-08
[7] http://tack.io

More information about the cryptography mailing list